Only allow proxying https ports

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-08-15 15:04:43 +0200
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-08-15 15:04:43 +0200
commit: da36b72db3dd9c44b62a5236713bfc7c75b59a4c (patch)
tree: c290dbd911c64fb9ffe9bec1694c6505990a4122 /jdisc_http_service
parent: 8011beb6256b5a5a4b6287a1d89fb472836cbd65 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
index 4d7688d09fc..4dfdbd55fab 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HealthCheckProxyHandler.java
@@ -66,7 +66,7 @@ class HealthCheckProxyHandler extends HandlerWrapper {
         SslContextFactory sslContextFactory =
                 Optional.ofNullable(targetConnector.getConnectionFactory(SslConnectionFactory.class))
                         .map(SslConnectionFactory::getSslContextFactory)
-                        .orElse(null);
+                        .orElseThrow(() -> new IllegalArgumentException("Health check proxy can only target https port"));
         return new ProxyTarget(targetPort, sslContextFactory);
     }
 
@@ -120,8 +120,7 @@ class HealthCheckProxyHandler extends HandlerWrapper {
         }
 
         CloseableHttpResponse requestStatusHtml() throws IOException {
-            String scheme = sslContextFactory != null ? "https" : "http";
-            HttpGet request = new HttpGet(scheme + "://localhost:" + port + HEALTH_CHECK_PATH);
+            HttpGet request = new HttpGet("https://localhost:" + port + HEALTH_CHECK_PATH);
             request.setHeader("Connection", "Close");
             return client().execute(request);
         }
@@ -134,7 +133,7 @@ class HealthCheckProxyHandler extends HandlerWrapper {
                         client = HttpClientBuilder.create()
                                 .disableAutomaticRetries()
                                 .setConnectionReuseStrategy(NoConnectionReuseStrategy.INSTANCE)
-                                .setSslcontext(sslContextFactory != null ? sslContextFactory.getSslContext() : null)
+                                .setSslcontext(sslContextFactory.getSslContext())
                                 .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                                 .setUserTokenHandler(context -> null) // https://stackoverflow.com/a/42112034/1615280
                                 .build();
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-08-15 15:04:43 +0200
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-08-15 15:04:43 +0200
commit	da36b72db3dd9c44b62a5236713bfc7c75b59a4c (patch)
tree	c290dbd911c64fb9ffe9bec1694c6505990a4122 /jdisc_http_service
parent	8011beb6256b5a5a4b6287a1d89fb472836cbd65 (diff)